npm
4,198 tracked vulnerabilities.
CVE-2023-38687
MEDIUM
svelecte < 3.16.3 - Stored Cross-Site Scripting via Item Name Rendering
Aug 14, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-39532
CRITICAL
SES 0.13.0-0.18.7 Arbitrary Code Execution via Dynamic Import Spread Operator
Aug 08, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-38704
HIGH
import-in-the-middle < 1.4.2 - Remote Code Execution via User-Supplied Input to import()
Aug 07, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-38700
LOW
Matrix App Service IRC <1.0.1 - Info Disclosure
Aug 04, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-38691
MEDIUM
matrix-appservice-bridge <8.1.2,9.0.1 - Open Redirect
Aug 04, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-38690
MEDIUM
matrix-appservice-irc <1.0.1 - Command Injection
Aug 04, 2023
CVSS 5.8
EPSS 0.01
CVE-2023-3348
MEDIUM
Wrangler <=3.1.0/2.20.1 - Path Traversal
Aug 03, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-37478
HIGH
pnpm < 7.33.4 - Improper Access Control via Tarball Parsing
Aug 01, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26139
HIGH
underscore-keypath <0.0.11 - Prototype Pollution
Aug 01, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-38504
HIGH
Sails < 1.5.7 - Denial of Service via Virtual Request
Jul 27, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-38503
MEDIUM
Directus 10.3.0-10.5.0 - Unauthorized Data Exposure via GraphQL Subscription Permission Bypass
Jul 25, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-2850
MEDIUM
NodeBB < 2.8.13 and 3.0.0-3.1.3 - Cross-Site WebSocket Hijacking via Missing Origin Validation
Jul 25, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-26045
CRITICAL
NodeBB 2.5.0-2.8.6 - Remote Code Execution via User Export Path Traversal
Jul 24, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-37905
MEDIUM
ckeditor-wordcount-plugin < 1.17.12 - Cross-Site Scripting via Source Code Mode Switch
Jul 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-37903
CRITICAL
Vm2 < 3.9.19 - OS Command Injection
Jul 21, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-37259
MEDIUM
matrix-react-sdk 3.32.0-3.75.0 - Stored Cross-Site Scripting via Export Chat Feature
Jul 18, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-3696
CRITICAL
mongoose < 5.13.20 and 7.0.0-7.3.3 - Prototype Pollution
Jul 17, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-3691
LOW
layui < 2.8.0 - Cross-Site Scripting via Title Attribute
Jul 16, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-2507
CRITICAL
CleverTap Cordova Plugin < 2.7.0 - Remote Code Execution via Deeplink
Jul 15, 2023
CVSS 9.3
EPSS 0.01
CVE-2023-3672
MEDIUM
plaidweb webmention.js < 0.5.5 - DOM-based Cross-Site Scripting
Jul 14, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-37466
CRITICAL
Vm2 < 3.9.19 - Code Injection
Jul 14, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-3620
MEDIUM
GitHub amauric/tarteaucitron.js <1.13.1 - XSS
Jul 11, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-36822
MEDIUM
Uptime Kuma <1.22.1 - Path Traversal
Jul 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-36821
HIGH
Uptime Kuma <1.22.1 - Authenticated RCE
Jul 05, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-36665
CRITICAL
protobuf.js <7.2.5 - Prototype Pollution
Jul 05, 2023
CVSS 9.8
EPSS 0.02
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters